ID CVE-2005-0056
Summary Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2014-02-24T04:03:12.589-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2385
    status accepted
    submitted 2005-03-17T12:00:00.000-04:00
    title IE5.01,SP3 Channel Definition Format Cross Domain Vulnerability
    version 67
  • accepted 2014-02-24T04:03:13.821-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2817
    status accepted
    submitted 2005-03-17T12:00:00.000-04:00
    title IE for Server 2003 Channel Definition Format Cross Domain Vulnerability
    version 67
  • accepted 2014-02-24T04:03:14.995-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:3318
    status accepted
    submitted 2005-03-17T12:00:00.000-04:00
    title IE6,SP1 Channel Definition Format Cross Domain Vulnerability
    version 67
  • accepted 2014-02-24T04:03:17.869-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:4085
    status accepted
    submitted 2005-03-17T12:00:00.000-04:00
    title IE6,SP2 Channel Definition Format Cross Domain Vulnerability
    version 66
  • accepted 2014-02-24T04:03:20.486-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:4947
    status accepted
    submitted 2005-03-17T12:00:00.000-04:00
    title IE5.01,SP4 Channel Definition Format Cross Domain Vulnerability
    version 67
refmap via4
bid 12427
cert TA05-039A
cert-vn VU#823971
ms MS05-014
sectrack 1013126
xf ie-cdf-execute-code(19137)
Last major update 12-10-2018 - 21:36
Published 02-05-2005 - 04:00
Back to Top